Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
LemonLDAP NG
lemonldap-ng
Commits
ff09c885
Commit
ff09c885
authored
Jun 29, 2021
by
Maxime Besson
Browse files
Remove deprecated options
parent
ebc29edc
Changes
1
Hide whitespace changes
Inline
Side-by-side
lemonldap-ng-common/scripts/importMetadata
View file @
ff09c885
...
...
@@ -24,12 +24,12 @@ sub toEntityIDkey {
#==============================================================================
my
%opts
;
my
$result
=
GetOptions
(
\
%opts
,
'
metadata|m=s
',
'
c
er
tificate|c=s
',
'
verbose|v
',
'
help|h
',
'
s
pconfprefix|
s
=s
',
'
idpconfprefix|i=s
',
'
warning|w
',
'
remove|r
',
'
nagios|n
',
'
blocklistsp|bs=s
',
'
blocklistidp|bi=s
',
'
dryrun|
d
'
\
%opts
,
'
metadata|m=s
',
'
v
er
bose|v
',
'
help|h
',
'
spconfprefix|s=s
',
'
id
pconfprefix|
i
=s
',
'
remove|r
',
'
nagios|a
',
'
ignore-sp=s@
',
'
ignore-idp=s@
',
'
dry
-
run|
n
'
);
#==============================================================================
...
...
@@ -40,16 +40,18 @@ if ( $opts{help} or !$opts{metadata} ) {
"
\n
Script to import SAML metadata bundle file into LL::NG configuration
\n\n
";
print
STDERR
"
Usage: $0 -m <metadata file URL>
\n\n
";
print
STDERR
"
Options:
\n
";
print
STDERR
"
\t
-c (--certificate): URL of certificate, to check metadata document signature
\n
";
print
STDERR
"
\t
-i (--idpconfprefix): Prefix used to set IDP configuration key
\n
";
print
STDERR
"
\t
-i (--idpconfprefix): Prefix used to set IDP configuration key
\n
";
print
STDERR
"
\t
-h (--help): print this message
\n
";
print
STDERR
"
\t
-m (--metadata): URL of metadata document
\n
";
print
STDERR
"
\t
-s (--spconfprefix): Prefix used to set SP configuration key
\n
";
print
STDERR
"
\t
-w (--warning): print debug messages
\n
";
print
STDERR
"
\t
-bs (--blocklistsp): list of SP entityID to avoid to modify/import
\n
";
print
STDERR
"
\t
-bi (--blocklistip): list of IdP entityID to avoid to modify/import
\n
";
print
STDERR
"
\t
-n (--nagios) : output only metrics nagios compatible
\n
";
print
STDERR
"
\t
-d (--dryrun): do nothing
\n
";
print
STDERR
"
\t
-s (--spconfprefix): Prefix used to set SP configuration key
\n
";
print
STDERR
"
\t
--ignore-sp: ignore SP maching this entityID (can be specified multiple times)
\n
";
print
STDERR
"
\t
--ignore-idp: ignore IdP matching this entityID (can be specified multiple times)
\n
";
print
STDERR
"
\t
-a (--nagios) : output statistics in Nagios format
\n
";
print
STDERR
"
\t
-n (--dry-run): do nothing
\n
";
print
STDERR
"
\t
-v (--verbose): display all actions
\n
";
print
STDERR
"
\t
-r (--remove): remove entityID inside LemonLDAP if was remove inside remote metadata
\n
";
exit
1
;
...
...
@@ -133,33 +135,9 @@ my $spCounter = {
'
ignored
'
=>
0
,
};
############# Block List manipulation
my
$blocklistsp
=
$opts
{
blocklistsp
}
||
"";
my
$blocklistidp
=
$opts
{
blocklistidp
}
||
"";
# BlockList initialisation
my
@spBlocklist
=
();
my
@spBlocklistKey
=
();
if
(
$blocklistsp
)
{
@spBlocklist
=
split
(
/,/
,
$opts
{
blocklistsp
});
}
my
@idpBlocklist
=
();
my
@idpBlocklistKey
=
();
if
(
$blocklistidp
)
{
@idpBlocklist
=
split
(
/,/
,
$opts
{
blocklistidp
})
}
foreach
my
$s
(
@spBlocklist
)
{
push
(
@spBlocklistKey
,
toEntityIDkey
(
$spConfKeyPrefix
,
$s
));
}
foreach
my
$s
(
@idpBlocklist
)
{
push
(
@idpBlocklistKey
,
toEntityIDkey
(
$idpConfKeyPrefix
,
$s
));
}
my
@spIgnorelist
=
@
{
$opts
{'
ignore-sp
'}
||
[]
};
my
@idpIgnorelist
=
@
{
$opts
{'
ignore-idp
'}
||
[]
};
#==============================================================================
# Main
...
...
@@ -223,33 +201,6 @@ else {
my
$dom
=
XML::
LibXML
->
load_xml
(
string
=>
$response
->
decoded_content
);
# Check file signature
if
(
$opts
{
certificate
}
)
{
my
$certificate_file
=
$opts
{
certificate
};
if
(
$opts
{
verbose
}
)
{
print
"
Try to download certificate file at
$certificate_file
\n
";
}
my
$cert_response
=
$ua
->
get
(
$certificate_file
);
if
(
$cert_response
->
is_success
)
{
if
(
$opts
{
verbose
}
)
{
print
"
Certificate file found:
\n
"
.
$cert_response
->
decoded_content
.
"
\n
";
}
}
else
{
die
$cert_response
->
status_line
;
}
if
(
$opts
{
verbose
}
)
{
print
"
Check metadata signature with certificate
";
}
# TODO
print
STDERR
"
[WARN] Signature verification not yet implemented
\n
"
if
$opts
{
warning
};
}
# Remove extensions
foreach
(
$dom
->
findnodes
('
//md:Extensions
')
)
{
$_
->
unbindNode
;
}
...
...
@@ -284,10 +235,10 @@ foreach
# test if IDP entityID is inside the block list
if
(
$entityID
~~
@idp
Blocklist
){
if
(
$opts
{
verbose
}
)
{
print
"
IDP
$entityID
won't be update/added
\n
";
}
if
(
$entityID
~~
@idp
Ignorelist
)
{
if
(
$opts
{
verbose
}
)
{
print
"
IDP
$entityID
won't be update/added
\n
";
}
$idpCounter
->
{
ignored
}
++
;
}
else
{
# Check if entityID already in configuration
...
...
@@ -337,7 +288,7 @@ foreach
else
{
print
STDERR
"
[WARN] IDP
$entityID
is not compatible with SAML 2.0, it will not be imported.
\n
"
if
$opts
{
warning
};
if
$opts
{
verbose
};
$idpCounter
->
{
rejected
}
++
;
}
}
...
...
@@ -404,7 +355,7 @@ foreach
# test if IDP entityID is inside the block list
if
(
$entityID
~~
@sp
Blocklist
){
if
(
$entityID
~~
@sp
Ignorelist
)
{
if
(
$opts
{
verbose
}
)
{
print
"
SP
$entityID
won't be update/added
\n
";
}
...
...
@@ -468,7 +419,7 @@ foreach
else
{
print
STDERR
"
[WARN] SP
$entityID
is not compatible with SAML 2.0, it will not be imported.
\n
"
if
$opts
{
warning
};
if
$opts
{
verbose
};
$spCounter
->
{
rejected
}
++
;
}
...
...
@@ -480,12 +431,14 @@ foreach
if
(
$opts
{
remove
}
)
{
foreach
(
keys
%$idpList
)
{
my
$idpConfKey
=
$idpList
->
{
$_
};
if
(
$idpConfKey
~~
@idpBlocklistKey
){
if
(
$opts
{
verbose
}
)
{
print
"
IDP
$idpConfKey
won't be deleted
\n
";
unless
(
defined
$mdIdpList
->
{
$_
}
)
{
if
(
$_
~~
@idpIgnorelist
)
{
$idpCounter
->
{
ignored
}
++
;
if
(
$opts
{
verbose
}
)
{
print
"
IDP
$idpConfKey
won't be deleted
\n
";
}
}
}
else
{
unless
(
defined
$mdIdpList
->
{
$_
}
)
{
else
{
delete
$lastConf
->
{
samlIDPMetaDataXML
}
->
{
$idpConfKey
};
delete
$lastConf
->
{
samlIDPMetaDataExportedAttributes
}
->
{
$idpConfKey
};
...
...
@@ -500,12 +453,14 @@ if ( $opts{remove} ) {
foreach
(
keys
%$spList
)
{
my
$spConfKey
=
$spList
->
{
$_
};
if
(
$spConfKey
~~
@spBlocklistKey
){
if
(
$opts
{
verbose
}
)
{
print
"
SP
$spConfKey
won't be deleted
\n
";
unless
(
defined
$mdSpList
->
{
$_
}
)
{
if
(
$_
~~
@spIgnorelist
)
{
$spCounter
->
{
ignored
}
++
;
if
(
$opts
{
verbose
}
)
{
print
"
SP
$spConfKey
won't be deleted
\n
";
}
}
}
else
{
unless
(
defined
$mdSpList
->
{
$_
}
)
{
else
{
delete
$lastConf
->
{
samlSPMetaDataXML
}
->
{
$spConfKey
};
delete
$lastConf
->
{
samlSPMetaDataExportedAttributes
}
->
{
$spConfKey
};
delete
$lastConf
->
{
samlSPMetaDataOptions
}
->
{
$spConfKey
};
...
...
@@ -521,24 +476,26 @@ if ( $opts{remove} ) {
my
$numConf
=
"
DRY-RUN
";
my
$exitCode
=
0
;
if
(
!
$opts
{
dryrun
}
)
{
# Register configuration
if
(
$opts
{
verbose
}
)
{
print
"
[INFO] run mod EntityID will be inserted
\n
";
}
$numConf
=
$conf
->
saveConf
(
$lastConf
,
(
cfgNumFixed
=>
1
)
);
if
(
$opts
{
verbose
}
)
{
print
"
[OK] Configuration
$numConf
saved
\n
";
$exitCode
=
0
;
}
unless
(
$numConf
)
{
print
"
[ERROR] Unable to save configuration
\n
";
$exitCode
=
1
;
}
}
else
{
if
(
$opts
{
verbose
}
)
{
print
"
[INFO] Dry-run mod no EntityID inserted
\n
";
}
if
(
!
$opts
{'
dry-run
'}
)
{
# Register configuration
if
(
$opts
{
verbose
}
)
{
print
"
[INFO] run mod EntityID will be inserted
\n
";
}
$numConf
=
$conf
->
saveConf
(
$lastConf
,
(
cfgNumFixed
=>
1
)
);
if
(
$opts
{
verbose
}
)
{
print
"
[OK] Configuration
$numConf
saved
\n
";
$exitCode
=
0
;
}
unless
(
$numConf
)
{
print
"
[ERROR] Unable to save configuration
\n
";
$exitCode
=
1
;
}
}
else
{
if
(
$opts
{
verbose
}
)
{
print
"
[INFO] Dry-run mod no EntityID inserted
\n
";
}
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment